Many user-overridden methods are now allowed to return a Future
for flow control.

HTTP-related code is now shared between the tornado.httpserver,
tornado.simple_httpclient and tornado.wsgi modules, making support
for features such as chunked and gzip encoding more consistent.
HTTPServer now uses new delegate interfaces defined in tornado.httputil
in addition to its old single-callback interface.

New module tornado.tcpclient creates TCP connections with non-blocking
DNS, SSL handshaking, and support for IPv6.

Tornado now depends on the certifi
package instead of bundling its own copy of the Mozilla CA list. This will
be installed automatically when using pip or easy_install.

This version includes the changes to the secure cookie format first
introduced in version 3.2.1, and the xsrf token change
in version 3.2.2. If you are upgrading from an earlier
version, see those versions’ release notes.

WebSocket connections from other origin sites are now rejected by default.
To accept cross-origin websocket connections, override
the new method WebSocketHandler.check_origin.

WebSocketHandler no longer supports the old draft76 protocol
(this mainly affects Safari 5.x browsers). Applications should use
non-websocket workarounds for these browsers.

tornado.concurrent.Future is now always thread-unsafe (previously
it would be thread-safe if the concurrent.futures package was available).
This improves performance and provides more consistent semantics.
The parts of Tornado that accept Futures will accept both Tornado’s
thread-unsafe Futures and the thread-safe concurrent.futures.Future.

tornado.concurrent.Future now includes all the functionality
of the old TracebackFuture class. TracebackFuture is now
simply an alias for Future.

Coroutines no longer generate StackContexts by default, but they
will be created on demand when needed.

The internals of the tornado.gen module have been rewritten to
improve performance when using Futures, at the expense of some
performance degradation for the older YieldPoint interfaces.

New function with_timeout wraps a Future and raises an exception
if it doesn’t complete in a given amount of time.

New object moment can be yielded to allow the IOLoop to run for
one iteration before resuming.

Task is now a function returning a Future instead of a YieldPoint
subclass. This change should be transparent to application code, but
allows Task to take advantage of the newly-optimized Future
handling.

No longer gets confused when an IOError or OSError without
an errno attribute is raised.

BaseIOStream.read_bytes now accepts a partial keyword argument,
which can be used to return before the full amount has been read.
This is a more coroutine-friendly alternative to streaming_callback.

BaseIOStream.read_until and read_until_regex now acept a
max_bytes keyword argument which will cause the request to fail if
it cannot be satisfied from the given number of bytes.

IOStream no longer reads from the socket into memory if it does not
need data to satisfy a pending read. As a side effect, the close callback
will not be run immediately if the other side closes the connection
while there is unconsumed data in the buffer.

New setting compress_response replaces the existing gzip
setting; both names are accepted.

XSRF cookies that were not generated by this module (i.e. strings without
any particular formatting) are once again accepted (as long as the
cookie and body/header match). This pattern was common for
testing and non-browser clients but was broken by the changes in
Tornado 3.2.2.

WebSocket connections from other origin sites are now rejected by default.
Browsers do not use the same-origin policy for WebSocket connections as they
do for most other browser-initiated communications. This can be surprising
and a security risk, so we disallow these connections on the server side
by default. To accept cross-origin websocket connections, override
the new method WebSocketHandler.check_origin.

WebSocketHandler.close and WebSocketClientConnection.close now
support code and reason arguments to send a status code and
message to the other side of the connection when closing. Both classes
also have close_code and close_reason attributes to receive these
values when the other side closes.

The C speedup module now builds correctly with MSVC, and can support
messages larger than 2GB on 64-bit systems.

The fallback mechanism for detecting a missing C compiler now
works correctly on Mac OS X.

It is now allowed to override prepare in a WebSocketHandler,
and this method may generate HTTP responses (error pages) in the usual
way. The HTTP response methods are still not allowed once the
WebSocket handshake has completed.